Transcription

1 cloud report JAN 2014 Netskope Cloud Report In the second Netskope Cloud Report, we ve compiled the most interesting trends on cloud app adoption and usage based on aggregated, anonymized data from the Netskope Active Platform. What is particularly interesting is that cloud app adoption has spread across virtually every business function. What s shocking is that IT professionals underestimate the number of apps in use in their organizations by 90 percent. The number of apps per category is concerning to IT professionals on average, there are 35 HR and 18 Finance/Accounting apps in use per enterprise, where by their own estimates, they had assumed only one or two per department. And in an interesting twist, we found that of all the apps detected, Twitter has the highest usage in enterprises, beating out popular apps for Storage, Productivity, and other enterprise-oriented categories. Report findings are based on billions of cloud app events seen across hundreds of thousands of users and represent usage trends from October December Report Highlights Twitter is the most popular cloud app in the enterprise Enterprises use 10 times the number of cloud apps than IT thinks they do Enterprises use an average of 35 cloud HR and 18 Finance/ Accounting apps Three of the top 10 cloud apps are Storage, and enterprises use an average of 26 such apps

2 Twitter, a Consumer App, is #1 in Enterprise Usage What are the top apps used in the enterprise? According to usage seen in the Netskope Active Platform, Twitter tops the list. We define usage as number of distinct app sessions.1 While it may seem ironic that a consumer cloud app is number one on the list for enterprise usage, it s not surprising. Twitter has become increasingly relevant in business as marketers, salespeople, research and development professionals, and even executives find social media to be an impactful tool in promoting their organizations, consuming relevant news and content, and building their personal brand. While popular consumer apps Facebook and LinkedIn were also among the top used in the platform, those apps did not make the top 10 list. APP NAME CATEGORY APP NAME CATEGORY 1 Twitter Consumer 6 Help Desk 2 Dropbox Storage 7 Productivity 3 Google Drive Storage 8 Help Desk 4 Salesforce.com CRM / SFA 9 5 Box Storage/ Collaboration 10 Concur Finance/ Accounting HR

3 Reality vs. Perception: More Cloud Apps Than You Realize 40 50? Typical IT estimate cloud apps in use in enterprise 397 on average, discovered by Netskope 77% Overall, enterprises using the Netskope Active Platform have an average of 397 cloud apps running in their organizations. However, prior to using Netskope, they typically estimate they have apps. That s 10x. of those cloud apps are not enterprise-ready This lack of visibility has tremendous security and compliance consequences. For one thing, 77 percent of those cloud apps are not enterprise-ready, which means they re rated medium or below in the Netskope Cloud Confidence Index,2 an objective measure of cloud apps security, auditability, and business continuity that has been adapted from Cloud Security Alliance guidance. Even enterprise usage in such apps is high: 67 percent of sessions are in apps rated medium or below. Some of the functional distinctions separating top- and bottom-rated apps include audit logging, granular role-based policies, and separation of customers data in the cloud.

4 35 HR Apps per Enterprise Five most prevalent categories in Netskope Active Platform marketing HR storage CRM/SFA collaboration The five most prevalent categories in the Netskope Active Platform are: Marketing, HR, Storage, CRM/SFA and Collaboration. Perhaps the most striking of these is the number of cloud HR apps per enterprise: 35. While HR is a broad category, with specific apps for benefits, salary, performance, time-tracking, and more, the number still raises security and compliance questions. With that many apps, IT professionals are concerned about whether they have the appropriate controls in place to protect personally- identifiable information. Similarly, there are 18 Finance/Accounting apps per enterprise. While the category isn t in the top five, the number of apps is surprising given regulatory implications. For public companies who must comply with Sarbanes-Oxley, the high number raises the question about whether cloud financial systems and data are being accessed only by authorized individuals. While not every one of the HR or Finance/Accounting apps is subject to regulation, it s not always clear which ones are and whether they are properly controlled. For that, IT must monitor activity within the apps and understand what content is being accessed, edited, deleted, and shared, with whom it is shared, and so on. We also found the number of Storage apps per enterprise to be remarkably high at 26. Unlike HR or Finance/Accounting, which cover a broad set of functions, Storage apps are narrower in scope, and have redundant functionality with each other. Even organizations that have chosen to standardize on one Storage app like Dropbox or Google Drive have discovered a long tail of such apps that are unsanctioned but in use. Given the ease with which content can be synced across multiple devices and shared outside of an organization in these types of apps, this number was especially concerning to IT professionals.

5 What Are People Doing in Cloud Apps? The activities we track in the Netskope Active Platform are especially telling when juxtaposed against policy violations, activities concerning data classified as sensitive or confidential, and data leakage incidents.3 Most common activities in cloud apps Create Upload Share Activities such as upload, share, and download are among the most watched in the Netskope Active Platform because they can signal data leakage or compliance violations. For example, one biopharmaceutical company discovered the use of several big data cloud apps to analyze clinical trial data. Their goal is to prevent the upload of data sets that contain personal health information to such apps that don t meet their HIPAA-HITECH compliance standards. Similarly, a media company discovered users improperly sharing intellectual property with unauthorized third parties via cloud file sharing. Their goal is to limit the sharing of particular content with people and partners outside of the company and even with certain groups within the company. Whether motivated by compliance, loss of intellectual property, or loss of reputation, the concern is widespread. The Ponemon Institute recently reported that 90 percent of organizations admit to losing control of sensitive content in cloud file sharing apps. Delete Post Download View Edit 90% of organizations admit losing control of sensitive content in cloud file-sharing apps

6 What Are People Doing in Cloud Apps? (Continued) Today, the vast majority of policy violations result in an alert action,4 versus a block. We believe this is because the ability to block activities within cloud apps is relatively nascent in the market, and IT professionals are first getting their arms around what activities are being performed and in what context (e.g., sharing sensitive content with people outside of the company, improperly editing fields in Finance/Accounting apps, downloading proprietary content to mobile devices, etc.). As enterprises gain more insight into how their employees are using cloud apps and optimize their policies as a result, we expect policy violation figures to vary widely from period to period. We also expect to see an increase in the use of user coaching messages as a means of educating users about risky behaviors and creating transparency around what policies the enterprise is setting. Notes 1. A session is a distinct time period in which a user logs into an app, performs a series of activities, and then ceases to work in the app for a period of time. Existing usage metrics (e.g., HTTP sessions) are often inaccurate because users don t always log out following active usage. Netskope has developed a proprietary heuristic to measure a more accurate period of activity, which we define as a session. Usage is defined as number of discrete sessions. 2. The Netskope Cloud Confidence Index is a database of nearly 3,000 cloud apps that are evaluated on 30+ objective enterprise-readiness criteria adapted from Cloud Security Alliance guidance, including security, auditability, and business continuity. The results of the evaluation are normalized to a score and mapped to five levels from poor to excellent. 3. We define a policy violation as an activity against which a policy has been set in the Netskope Active Platform. 4. We define a policy action as the resulting action (such as alert, block, or bypass) the administrator instructs the Netskope Active Platform to take in real-time when the system detects a violation of a set policy.

CLOUD REPORT OCTOBER 2014 Report Highlights Organizations have 579 cloud apps in use on average, 88.7% of which aren t enterprise-ready More than one-third of all cloud data leakage policy violations occur

JANUARY CLOUD REPORT 2015 Report Highlights 15 percent of users have had their credentials stolen, and an estimated 13.5 percent of organizations cloud apps are at risk Organizations have 613 cloud apps

KEYS TO CLOUD APP SECURITY Cloud App Security It s About Cloud Confidence Cloud apps they re everywhere these days! They re easy to use and they let people work faster. Forrester predicts the SaaS market

SAFELY ENABLING MICROSOFT OFFICE 365: THREE MUST-DO BEST PRACTICES Netskope 2015 Enterprises are rapidly adopting Microsoft Office 365. According to the Netskope Cloud Report, the suite is among the top

The Netskope Active Platform Enabling Safe Migration to the Cloud Massive Cloud Adoption Netskope is the leader in safe cloud enablement. With Netskope, IT can protect data and ensure compliance across

Protecting Your Network Against Risky SSL Traffic ABSTRACT Every day more and more Web traffic traverses the Internet in a form that is illegible to eavesdroppers. This traffic is encrypted with Secure

Solve the Dropbox Problem with Enterprise Content Connectors An Accellion Whitepaper Solve the Dropbox Problem with Enterprise Content Connectors Executive Summary Dropbox is one of the most popular services

WHITE PAPER N Do Ex-Employees Still Have Access to Your Corporate Data? An Osterman Research White Paper Published August 2014 SPONSORED BY SPON sponsored by sponsored by Osterman Research, Inc. P.O. Box

MAPS/REPUTATION DASHBOARD It pays to be listed online and monitor what your customers are saying about you. Maps/Reputation Dashboard Local consumers are online searching for nearby businesses that offer

Social Media Marketing for Local Businesses The average number of hours a U.S. consumer spends on social media per week. - PQ Media, 2013 Social is the Norm A lot has changed in the 10 years since Facebook

APERTURE Safely enable your SaaS applications. Unsanctioned use of SaaS (Software as a Service) applications is creating gaps in security visibility and new risks for threat propagation, data leakage and

SaaS A Product Perspective Software-as-a-Service (SaaS) is quickly gaining credibility and market share against traditional packaged software. This presents new opportunities for product groups and also

Remote Monitoring and Management s Remote Monitoring & Management is a 24x7x365 service in which we proactively manage your infrastructure and IT environment to make sure it s in a healthy state and stays

Top Five Ways Any Business Can Benefit from Box Every business, no matter what size, has documents and information that are the foundation of the company. Team members need to access and collaborate on

TIP SHEET 8 WAYS TO BUILD YOUR BRAND USING SOCIAL MEDIA Social media has changed the way our entire world works. Everyone has an equal voice and immediate access to vast networks of friends and followers.

TOP REASONS WHY SIEM CAN T PROTECT YOUR DATA FROM INSIDER THREAT Would you rather know the presumed status of the henhouse or have in-the-moment snapshots of the fox? If you prefer to use a traditional

Enterprise Social Media Marketing Software Evaluation and Selection Guide Summer/Fall 2013 How to use this guide Today s enterprises increasingly recognize that they need a technology solution to manage

Why are e-payslips the future? The current way of producing and distributing payslips is outdated. This handy guide explains how you can bring your payslips into the 21st century. Payslips need to change

are often billed as simple, easy-to-use solutions, so many organizations leverage them as a tool for tracking and managing their data and processes. Unfortunately, spreadsheets have some limitations that

Storing Information on the Cloud for Personal and Small Business Use Presented by: Kristi Robison, Paintrock Consulting Services kristi@paintrockconsulting.com Objectives Defining the cloud A brief look

8 Ways To Build Your Brand Using Social Media 1 introduction 8 Ways to Build Your Brand Using Social Media Social media has changed the way our entire world works. Everyone has an equal voice and immediate

What Dropbox Can t Do For Your Business 33 Things to Consider When Choosing a Secure File Sharing and Collaboration Service for Your Business A Soonr Study Executive Summary The need for a well-rounded

Private Cloud Expected to Grow at Twice the Rate of Public Cloud In This Paper Security, privacy concerns about the cloud remain SaaS is the most popular cloud service model in use today Microsoft, Google

Authored by: Brought to you by Jim Reavis, President - Reavis Consulting Group Brandon Cook, Director, Product Marketing Skyhigh Networks ABSTRACT Shadow IT is a real and growing concern for enterprises

Secure Data Sharing in the Enterprise 2 Follow-me data and productivity for users with security and manageability for IT Productivity today depends on the ability of workers to access and share their data

User-Centric Proactive IT Management The Powered Rise by Frontline of the Performance Mobile Intelligence Workforce Aternity for SAP Gain Control of End User Experience with Aternity 1 P a g e Prepared

10X more productive series CRM SOFTWARE EVALUATION TEMPLATE Find your CRM match with this easy-to-use template. PRESENTED BY How To Use This Template Investing in the right CRM solution will help increase

Data In The Cloud: Who Owns It, and How Do You Get it Back? Presented by Dave Millier, Soban Bhatti, and Oleg Sotnikov 2013 Sentry Metrics Inc. Agenda Reasons for Cloud Adoption How Did My Data Get There?

Bringing the Cloud into Focus A Whitepaper by CMIT Solutions and Cadence Management Advisors Table Of Contents Introduction: What is The Cloud?.............................. 1 The Cloud Benefits.......................................

Genomic and Clinical Data Sharing Policy Questions with Technology and Security Implications: Consensus s from the Data Safe Havens Task Team Delivery date: 18 October 2014 When the Security Working Group

MassTransit vs. Comparison If you think is an optimal solution for delivering digital files and assets important to the strategic business process, think again. is designed to be a simple utility for remote

White Paper File and Networking Services Taming the Mobile File Sharing Beast To Whom Should You Entrust the Enterprise Goods? Mobile file access and sharing is not only the rage, but it s fast becoming

How Chrome OS and Cloud-Based Collaboration Can Improve Office Productivity or how Google Moved the Desktop Off the Desk. 1. Introduc/on 2. The Excitement about Cloud Compu/ng 4. Chrome More than a Browser

White Paper Contact Center Security: Moving to the True Cloud Today, Cloud is one of the most talked about trends in the IT industry. It s a paradigm many believe will have a widespread business impact.

The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security

experts in your field Get the profile: A Progressive Recruitment career guide Contents Introduction... 2 Why you need an online reputation... 3 Monitoring your online reputation... 3 How to protect your

2015 VERA TECHNICAL WHITEPAPER Secure any data, anywhere. The Vera security architecture At Vera TM, we believe that enterprise security perimeters are porous and data will travel. In a world of continuous

Sarbanes-Oxley Compliance for Cloud Applications What Is Sarbanes-Oxley? Sarbanes-Oxley Act (SOX) aims to protect investors and the general public from accounting errors and fraudulent practices. For this